Hmmmmmm, I only have one key for all. Currently it is stored in a chmod'ed 600 folder off my home directory (not root). I was told this was the safest place. I like your idea of a different key for each! But why in a hidden field? Isn't that too obvious? What about a cookie?

I did think about the cancel button, but there is still a chance they will bail without clicking it.

And how do you delete a record from a database automatically? Cron job? Thanks!

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

There is no security difference between a cookie and a hidden field in a form on the client side. They are both likely to be stored on the hard disk. Having the key in the form just binds it closer to its use so it is less likely to leak out. If you were careful you could get the same effect with cookies -- using path etc.

It does not matter if someone has the key on the client machine, because the CC# is on your computer. And if they get into the database they will need the key from each client to get the stored CC#s.
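The scheme the reply describes (a fresh key per client that travels with the client, while the server keeps only ciphertext, and a periodic purge of abandoned rows) in working form. This is an added example, not code from either poster; the function and type names (`NewClientKey`, `StoreCard`, `LoadCard`, `PurgeAbandoned`, `Record`) and the in-memory "table" are assumptions standing in for a real web framework and database, and the card number is a constructed test value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Record is one row of the hypothetical server-side table: nonce and
// ciphertext only. The key is never stored here; it lives in the client's
// hidden form field until the final submit.
type Record struct {
	ID        int
	Nonce     []byte
	Encrypted []byte
	CreatedAt time.Time
}

// NewClientKey generates a fresh 256-bit AES key for one client/session and
// returns it base64-encoded, ready to be dropped into a hidden field.
func NewClientKey() (string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(key), nil
}

// aead turns the base64 key from the form back into an AES-GCM instance,
// rejecting anything that is not a well-formed 32-byte key.
func aead(keyB64 string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil || len(key) != 32 {
		return nil, errors.New("bad client key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreCard encrypts the card number under the client's key and returns the
// row to insert. The row ID is bound in as associated data, so a ciphertext
// moved to another row will not decrypt.
func StoreCard(id int, keyB64, cardNumber string, now time.Time) (Record, error) {
	g, err := aead(keyB64)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := g.Seal(nil, nonce, []byte(cardNumber), []byte(fmt.Sprint(id)))
	return Record{ID: id, Nonce: nonce, Encrypted: ct, CreatedAt: now}, nil
}

// LoadCard is the final-submit step: the client returns with the key from the
// hidden field and the server decrypts. A wrong key or a tampered row fails.
func LoadCard(r Record, keyB64 string) (string, error) {
	g, err := aead(keyB64)
	if err != nil {
		return "", err
	}
	pt, err := g.Open(nil, r.Nonce, r.Encrypted, []byte(fmt.Sprint(r.ID)))
	if err != nil {
		return "", errors.New("decryption failed: wrong key or tampered row")
	}
	return string(pt), nil
}

// PurgeAbandoned is the "cron job" half of the thread's question: it returns
// only rows younger than maxAge, dropping the ones whose owner never came back.
func PurgeAbandoned(rows []Record, now time.Time, maxAge time.Duration) []Record {
	kept := make([]Record, 0, len(rows))
	for _, r := range rows {
		if now.Sub(r.CreatedAt) <= maxAge {
			kept = append(kept, r)
		}
	}
	return kept
}

func main() {
	key, _ := NewClientKey()                                  // goes into the hidden field
	rec, _ := StoreCard(1, key, "4111111111111111", time.Now()) // constructed test number
	card, err := LoadCard(rec, key)
	fmt.Println(card, err)
	other, _ := NewClientKey()
	_, err = LoadCard(rec, other) // another client's key is useless against this row
	fmt.Println(err)
}
```

The point the reply makes shows up in the second `LoadCard` call: a copy of the database alone yields nothing without each client's key. The key in the hidden field is only as private as the page it is embedded in, so the form has to be served over TLS, and rows that are never completed should be dropped by the purge rather than left to accumulate.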